CodeIgniter Forums
pass variable through segments with security - Printable Version




pass variable through segments with security - El Forum - 05-07-2009

[eluser]newbie boy[/eluser]
I need to pass two variables through segments, which will be segment 3 and segment 4.

But I need security for this, for I will be passing the IDs....

What is the best way to secure it...

Hide maybe?

Appreciate the help guys...

Thanks....


pass variable through segments with security - El Forum - 05-07-2009

[eluser]xwero[/eluser]
Hiding is never a good security solution. If you have to pass variables, they are always going to be semi-public, as they are going to be stored somewhere: a cookie, a session file on the server, the POST global. Also, if you send the variables over an HTTP connection, people could grab them.

The safest way is to use an HTTPS connection and encrypt the variables.


pass variable through segments with security - El Forum - 05-07-2009

[eluser]Evil Wizard[/eluser]
Send it in the form action and use a redirect after it's processed to prevent reposts.


pass variable through segments with security - El Forum - 05-07-2009

[eluser]n0xie[/eluser]
If they're IDs, I assume they are integers?

If so, you could easily check if the IDs passed to the method are integers. If so, then your data is secure.


pass variable through segments with security - El Forum - 05-07-2009

[eluser]Michael Wales[/eluser]
What exactly are you trying to secure here? If it's just an ID to content within the database - just check if that content exists and if not throw a 404.

If users are limited as to the content they can see (for instance, you can see id=1 and id=2 but I can only see id=2) you will just need to make a call to the database to confirm authorization. If they are not authorized, throw a 403. This is best accomplished using an extended Controller or a pre-controller hook.


pass variable through segments with security - El Forum - 06-13-2010

[eluser]iConTM[/eluser]
Can someone give an example of throwing a 404 with CI?

In the controller class I have something like this:

Code:
function article ($article_id)
{
  $article = $this->model->get_article($article_id);

  if (!$article)
  {
    //throw error 404
    return;
  }

}



pass variable through segments with security - El Forum - 06-13-2010

[eluser]pickupman[/eluser]
@iConTM looks like you got this answered already in your other thread.


pass variable through segments with security - El Forum - 06-14-2010

[eluser]coolgeek[/eluser]
[quote author="n0xie" date="1241713512"]If they're IDs, I assume they are integers?

If so, you could easily check if the IDs passed to the method are integers. If so, then your data is secure.[/quote]

Is adding zero to the segment sufficient for ensuring that it is an integer? i.e.

Code:
$var = $this->uri->segment(3) + 0;

or casting it to an int?

Code:
$var = (int)$this->uri->segment(3);



pass variable through segments with security - El Forum - 06-20-2010

[eluser]iConTM[/eluser]
[quote author="pickupman" date="1276461729"]@iConTM looks like you got this answered already in your other thread.[/quote]

@pickupman: Yes indeed. :)

The CI error 404 page can be simply accessed by the following method:

Code:
show_404();
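
The following is an added example, not code from any poster in this thread or from CodeIgniter itself. It combines the two checks discussed above: strict validation of an ID segment (a bare cast is not validation) and the existence/authorization decision that leads to a 404 or 403. The function names, the sample articles and the access list are hypothetical and constructed for illustration; in a real application the lookups would be database calls.

```php
<?php
// Added example: hypothetical helpers, not part of the CodeIgniter API.

// Strictly parse a URI segment as a positive integer ID.
// (int)"12abc" is 12 and (int)"abc" is 0, so a cast alone silently
// accepts junk; ctype_digit() accepts only strings made entirely of 0-9.
function parse_id_segment($segment)
{
    // Rejects a missing segment, signs, decimals, letters and oversized values.
    if (!is_string($segment) || !ctype_digit($segment) || strlen($segment) > 9) {
        return null;
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null;
}

// Decide the HTTP status for a request:
//   404 when the ID is malformed or the content does not exist,
//   403 when the content exists but this user may not see it.
function article_status($segment, $user_id, array $articles, array $acl)
{
    $id = parse_id_segment($segment);
    if ($id === null || !isset($articles[$id])) {
        return 404;
    }
    if (!isset($acl[$user_id]) || !in_array($id, $acl[$user_id], true)) {
        return 403;
    }
    return 200;
}

// Constructed sample data standing in for database lookups.
$articles = array(1 => 'First article', 2 => 'Second article');
$acl      = array(10 => array(1, 2), 20 => array(2)); // user_id => visible IDs

// User 20 requests a range of segment values, valid and invalid.
foreach (array('2', '1', '12abc', '-1', '99', '') as $segment) {
    printf(
        "user 20, segment %-8s => %d\n",
        var_export($segment, true),
        article_status($segment, 20, $articles, $acl)
    );
}
```

In a controller, a 404 result maps to `show_404()` as shown in the last post, and `show_error()` with a 403 status code is one way to send the forbidden response.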